Application No.: 10/041,005 
Amendment/Response dated S- ^-0'7 
Response to Final Office action dated March 19, 2007 

Amendment to the Claims: 

This listing of claims will replace all versions, and listings, of claims in the application: 

Listing of Claims: 

1-70. (Cancelled) 

71. (Currently Amended) A system, comprising: 
an authentication server disposed on a network; 

a switch coupled to the network and communicatively coupled to the authentication 
server via the network; and 

an access point communicatively coupled to the switch; 

wherein the switch is configured to be the authenticator for the access point and is 
configured to authenticate the access point with the authentication server and establish a secure 
communication session with the switch access point ; 

wherein the access point is configured to be the authenticator for a wireless client, the 
access point communicates with the authentication server using the secure communication 
session established with the switch; 

wherein the access point is configured to send a message to the switch comprising data 
representative of an authenticated the wireless client responsive to the authenticated wireless 
eMent-successfully authenticating the wireless client with the authentication server; and 

wherein the access point is configured to forward all communications received from the 
authenticated wireless client to the switch responsive to the au t he n ticate d wireless client 
successfully authenticating with the authentication server. 

72. (Previously Presented) The system according to claim 71, the switch comprises a 
table of authorized users, wherein the switch updates the table of authorized users with the 
medium access control address of the authenticated wireless client. 
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73. (Previously Presented) The system according to claim 71, the switch comprises a 
table of authorized users, wherein the switch updates the table of authorized users with the 
medium access control list, the quality of service parameters and the access control list of the 
authenticated wireless client. 

74. (Previously Presented) The system according to claim 71, wherein a session key is 
generated for subsequent communications between the authenticated wireless client and the 
access point responsive to the authenticated wireless client successfully authenticating with the 
authentication server. 

75. (Previously Presented) The system according to claim 71, further comprising the 
authentication server is responsive to establish a message authentication check key for the secure 
communication session between the switch and the access point. 

76. (Previously Presented) The system according to claim 75, wherein the a message 
authentication check key uniquely identifies the access point to the switch. 

77. (Previously Presented) The system according to claim 75, further comprising: 

the access point is configured to send the data representative of the authenticated wireless 
client signed with the message authentication check key; and 

the switch is responsive to receiving the data representative of the authenticated wireless 
client to verify the message authentication check key. 

78. (Previously Presented) The system according to claim 77, further comprising: 

the switch is configured to maintain a database containing authorized media access 
control addresses; and 

the switch is configured to verify the message with the data representative of the 
authenticated wireless client was sent by the access point by verifying the media access control 
address of the access point. 
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79. (Previously Presented) The system according to claim 78, further comprising: 

the data representative of the authenticated wireless client comprises a media access 
control address for the authenticated wireless client; 

the switch is responsive to receiving the data representative of the authenticated wireless 
client to store the media access control address for the authenticated wireless client in the 
database; and 

the switch is responsive to receiving packets from the authenticated wireless client 
forwarded by the access point to verify the media access control address of the packets from the 
authenticated wireless client with the database. 

80. (Previously Presented) The system according to claim 71, wherein the secure 
communication session is established between the switch and the access point prior to 
authenticating the authenticated wireless client. 

81. (Previously Presented) The system according to claim 71, further comprising: 
the switch maintains a database of authenticated supplicants; and 

the switch stores the media access control of the access point in the database responsive 
to the access point successfully authenticating with the authentication server. 

82. (Currently Amended) A system, comprising: 
an authentication server disposed on a network; 

a first authenticator communicatively coupled to the authentication server via the 
network; and 

a first supplicant second authenticator communicatively coupled to the first authenticator; 

wherein the first authenticator is an authenticator for the supplicant second authenticator 
and is configured to authenticate the second authenticator w ith the authentication server and 
establish a secure communication session with the fesfr -second authenticator; 

wherein the first second authenticator supplicant is configured to function as an 
authenticator for a second supplicant communicatively coupled to the fes^-suppMeant second 



72255:08267\934949.2 



Page 4 of 9 



Application No.: 10/041,005 

Amendment/Response dated 5~- < ?~<- r 7 

Response to Final Office action dated March 19, 2007 



authenticate!-, the second authenticates communicating with the authentication server through the 
secure communication session with the first authenticate)- ; 

wherein the first supplicant second authenticator is configured to send a message with 
data representative of the second supplicant to the first authenticator responsive to the second 
supplicant successfully authenticating with the authentication server; and 

wherein the first — supplicant second authenticator is configured to forward all 
communications received from the seeesd-supplicant to the first authenticator responsive to the 
second supplicant successfully authenticating with the authentication server. 

83. (Currently Amended) The system according to claim 82, the first authenticator 
comprises a table of authorized users, wherein the first authenticator updates the table of 
authorized users with the medium access control address of the first supplicant second 
authenticator . 

84. (Previously Presented) The system according to claim 83, further comprising the 
first authenticator updates the table of authorized users with an access control list and quality of 
service parameter for the second supplicant. 

85. (Currently Amended) The system according to claim 82, wherein a session key is 
generated for subsequent communications between the second supplicant and the first 
supplicant second authenticator responsive to the authenticated wireless client successfully 
authenticating with the authentication server. 

86. (Currently Amended) The system according to claim 85, further comprising the 
authentication server is responsive to establish a message authentication check key for the secure 
communication session between the first authenticator and the fi rst supptiea»t secon d 
authenticator . 



87. (Currently Amended) The system according to claim 86, further comprising the 
^ second authenticator is configured to send the data representative of the second 
supplicant signed with the message authentication check key. 
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88. (Currently Amended) The system according to claim 87, further comprising: 

the first supplicant second authenticator is configured to maintain a database containing 
authorized media access control addresses; and 

the first supplicant authenticator is configured to verify the message with the data 
representative of the second supplicant was sent by the first supplicant second authenticator by 
verifying the media access control address of the access point second authenticator . 

89. (Currently Amended) The system according to claim 88, further comprising: 

the data representative of the second supplicant comprises a media access control address 
for the s econd supplicant; 

the first supplicant suthenticator is responsive to receiving the data representative of the 
second supplicant to store the media access control address for the second supplicant in the 
database; and 

the first authenticator is responsive to receiving packets from the second supplicant 
forwarded by the first supplicant second authenticator to verify the media access control address 
of the packets from the second supplicant with the database. 

90. (Currently Amended) A method, comprising: 

authenticating a first with an authentication server through a[[n]] first authenticator; 
establishing a secure communication session with the first authenticator responsive to a 
successful authentication with the authentication server; 

receiving an authentication request from a second supplicant; 

authenticating for w ardi ng th e authentication request from the seco nd supplicant to- with 
the authentication server via the authenticator secure communication session ; 

receiving a response from the authentication server via the authenticator secure 
communication session indicating a successful authentication of the second supplicant; 

sending data representative of the second supplicant to the first authenticator; and 

forwarding all communications received from the second supplicant to the first 
authenticator responsive to receiving [[a]]the response from the authentication server via the 
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authenticator secure communication sessoin indicating a successful authentication of the second 
supplicant. 

91. (Currently Amended) The method according to claim 90, further comprising 
generating a session key for subsequent communications between with the first supplicant and 
the second supplicant responsive to the second supplicant successfully authenticating with the 
authentication server. 

92. (Currently Amended) The method according to claim 91, further comprising 
establishing a message authentication check key for the secure communication session between 
with the first authenticator and the first supplicant . 




93. (Currently Amended) The method according to claim 92, further comprising: 
the first supplicant is configured t o-send ing the data representative of the second 
supplicant to the first authenticator signed with the message authentication check key. 

Claims 94 - 100 (Canceled) 

101. (New) A system according to claim 71, wherein the authentication server is 
configured to send data representative of a session key for the wireless client to the access point 
responsive to the wireless client successfully authenticating. 
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